State of the CISO

For some time now, threat hunters have talked about knowing the unknowns. It’s time to expand that to the entire spectrum of cybersecurity: to users, apps, data, and clouds. You can’t protect what you can’t see.You generally want to support the business, and not mire it down in bureaucracy. If you’re going to be a bit more open, how are you mitigating control? This is going to be different for everyone. CISOs must deal with that balance of organizational culture while combatting the most critical threats. Sometimes blocking everything and locking everything down doesn’t fit the culture of the enterprise. That might be right for a bank but not for a university.The CISO faces several challenges managing cyberrisk – whatever their organizational model:

Breaches create adverse impacts to financial profitability, brand reputation, customer data security, customer satisfaction, and continuity of business.

Losses can be substantial and non- recoverable, creating a higher risk score for the organization on insurability.

IT is usually siloed across the organization, making integration of securing the network, the cloud, and employee endpoints highly complex.

Over the years, vendor point solutions looked promising; however, each generates their own set of alerts. Many point solutions competing on alerts makes it difficult to identify those threats posing the highest risk to the organization, and becomes a resource drain.

Aggressive tactics to hire security IT personnel are required, as the specialized pool of candidates cannot sustain the magnitude of the problem across global organizations. The talent shortage is, however, out of control and not solvable by trying to fill all jobs.

New threats appear daily, even hourly, and are employing more stealth and sophisticated methods. We recently reported on Emotet, Olympic Destroyer and other prevalent threats in Cisco’s Threat Report 2019. Threat response as a category has to evolve and there is a need for tools to consolidate information and centralize remediation of infections and other incidents.

“You strive to understand how to get visibility into unknowns such as the new threats that are coming in – or even from within your own environment: unknown devices, apps, data. If you can’t see it, you can’t protect it. That’s the biggest thing that keeps me up at night."

Additional technologies and processes for the the CISO to consider are:

AI and ML, used right, are essential to triage the volume of work.
The cost of a breach is falling – but don’t get too excited yet.
There is head room to realize obvious benefits in process improvement, e.g. training.
There is more confidence in cloud-delivered security and in securing the cloud.